To follow up on what Kris said, yes you can create rules like this. We are
unable to publish such broad rules in the official signatures because of
the FPs that it will cause, but you are able to determine what should be
blocked within your individual environment.
PDFs with JavaScript, documents w
Cedric Knight wrote:
Devs - is it possible to block PDFs based on containing '/JavaScript'
and '/OpenAction' (or '/Launch')? I wish ClamAV has a hierarchy from
definite signatures first to secondly checking heuristics...
Not a ClamAV developer, but yes, you can create a signature for this.
Y